<div dir="ltr">Dear Alex<div><br></div><div>i already enable debugging and this is what i am getting on error_log while running : ipa trust-add --type=ad <a href="http://infra.com">infra.com</a> --admin Administrator --password</div><div><br></div><div><br></div><div><br></div><div><div>[Wed Mar 18 08:10:17.470460 2015] [:error] [pid 15176] ipa: DEBUG: WSGI wsgi_dispatch.__call__:</div><div>[Wed Mar 18 08:10:17.470571 2015] [:error] [pid 15176] ipa: DEBUG: WSGI jsonserver_session.__call__:</div><div>[Wed Mar 18 08:10:17.470821 2015] [:error] [pid 15176] ipa: DEBUG: found session cookie_id = 15b334c24b28c1e228c1e843efb0bf86</div><div>[Wed Mar 18 08:10:17.471493 2015] [:error] [pid 15176] ipa: DEBUG: found session data in cache with id=15b334c24b28c1e228c1e843efb0bf86</div><div>[Wed Mar 18 08:10:17.471613 2015] [:error] [pid 15176] ipa: DEBUG: jsonserver_session.__call__: session_id=15b334c24b28c1e228c1e843efb0bf86 start_timestamp=2015-03-18T08:06:18 access_timestamp=2015-03-18T08:10:17 expiration_timestamp=2015-03-18T08:26:18</div><div>[Wed Mar 18 08:10:17.471698 2015] [:error] [pid 15176] ipa: DEBUG: storing ccache data into file "/var/run/ipa_memcached/krbcc_15176"</div><div>[Wed Mar 18 08:10:17.472404 2015] [:error] [pid 15176] ipa: DEBUG: get_credential_times: principal=HTTP/kwtpocpbis01.solaris.local@SOLARIS.LOCAL, authtime=03/17/15 16:04:12, starttime=03/18/15 08:06:17, endtime=03/18/15 16:04:09, renew_till=01/01/70 03:00:00</div><div>[Wed Mar 18 08:10:17.472610 2015] [:error] [pid 15176] ipa: DEBUG: get_credential_times: principal=HTTP/kwtpocpbis01.solaris.local@SOLARIS.LOCAL, authtime=03/17/15 16:04:12, starttime=03/18/15 08:06:17, endtime=03/18/15 16:04:09, renew_till=01/01/70 03:00:00</div><div>[Wed Mar 18 08:10:17.472829 2015] [:error] [pid 15176] ipa: DEBUG: KRB5_CCache FILE:/var/run/ipa_memcached/krbcc_15176 endtime=1426683849 (03/18/15 16:04:09)</div><div>[Wed Mar 18 08:10:17.472978 2015] [:error] [pid 15176] ipa: DEBUG: set_session_expiration_time: duration_type=inactivity_timeout duration=1200 max_age=1426683549 expiration=1426656617.47 (2015-03-18T08:30:17)</div><div>[Wed Mar 18 08:10:18.484137 2015] [:error] [pid 15176] ipa: DEBUG: Created connection context.ldap2</div><div>[Wed Mar 18 08:10:18.484255 2015] [:error] [pid 15176] ipa: DEBUG: WSGI jsonserver.__call__:</div><div>[Wed Mar 18 08:10:18.484330 2015] [:error] [pid 15176] ipa: DEBUG: WSGI WSGIExecutioner.__call__:</div><div>[Wed Mar 18 08:10:18.484919 2015] [:error] [pid 15176] ipa: DEBUG: raw: trust_add(u'<a href="http://infra.com">infra.com</a>', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.113')</div><div>[Wed Mar 18 08:10:18.485210 2015] [:error] [pid 15176] ipa: DEBUG: trust_add(u'<a href="http://infra.com">infra.com</a>', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.113')</div><div>lpcfg_load: refreshing parameters from /usr/share/ipa/smb.conf.empty</div><div>params.c:pm_process() - Processing configuration file "/usr/share/ipa/smb.conf.empty"</div><div>Processing section "[global]"</div><div>INFO: Current debug levels:</div><div> all: 100</div><div> tdb: 100</div><div> printdrivers: 100</div><div> lanman: 100</div><div> smb: 100</div><div> rpc_parse: 100</div><div> rpc_srv: 100</div><div> rpc_cli: 100</div><div> passdb: 100</div><div> sam: 100</div><div> auth: 100</div><div> winbind: 100</div><div> vfs: 100</div><div> idmap: 100</div><div> quota: 100</div><div> acls: 100</div><div> locking: 100</div><div> msdfs: 100</div><div> dmapi: 100</div><div> registry: 100</div><div> scavenger: 100</div><div> dns: 100</div><div> ldb: 100</div><div>pm_process() returned Yes</div><div>Using binding ncacn_np:kwtpocpbis01.solaris.local[,]</div><div>s4_tevent: Added timed event "dcerpc_connect_timeout_handler": 0x7f5a6441f040</div><div>s4_tevent: Added timed event "composite_trigger": 0x7f5a6424ed80</div><div>s4_tevent: Added timed event "composite_trigger": 0x7f5a644b7f60</div><div>s4_tevent: Running timer event 0x7f5a6424ed80 "composite_trigger"</div><div>s4_tevent: Destroying timer event 0x7f5a644b7f60 "composite_trigger"</div><div>Mapped to DCERPC endpoint \pipe\lsarpc</div><div>added interface ens160 ip=172.16.107.244 bcast=172.16.107.255 netmask=255.255.255.0</div><div>added interface ens160 ip=172.16.107.244 bcast=172.16.107.255 netmask=255.255.255.0</div><div>s4_tevent: Ending timer event 0x7f5a6424ed80 "composite_trigger"</div><div>s4_tevent: Added timed event "connect_multi_timer": 0x7f5a64421500</div><div>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a64095f20</div><div>s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a64095f20</div><div>s4_tevent: Destroying timer event 0x7f5a64421500 "connect_multi_timer"</div><div>Socket options:</div><div> SO_KEEPALIVE = 0</div><div> SO_REUSEADDR = 0</div><div> SO_BROADCAST = 0</div><div> TCP_NODELAY = 1</div><div> TCP_KEEPCNT = 9</div><div> TCP_KEEPIDLE = 7200</div><div> TCP_KEEPINTVL = 75</div><div> IPTOS_LOWDELAY = 0</div><div> IPTOS_THROUGHPUT = 0</div><div> SO_REUSEPORT = 0</div><div> SO_SNDBUF = 663430</div><div> SO_RCVBUF = 261942</div><div> SO_SNDLOWAT = 1</div><div> SO_RCVLOWAT = 1</div><div> SO_SNDTIMEO = 0</div><div> SO_RCVTIMEO = 0</div><div> TCP_QUICKACK = 1</div><div> TCP_DEFER_ACCEPT = 0</div><div>s4_tevent: Added timed event "tevent_req_timedout": 0x7f5a6449da70</div><div>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5a640c4c30</div><div>s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5a640c4c30</div><div>s4_tevent: Destroying timer event 0x7f5a6449da70 "tevent_req_timedout"</div><div>Starting GENSEC mechanism spnego</div><div>Starting GENSEC submechanism gssapi_krb5</div><div>Ticket in credentials cache for admin@SOLARIS.LOCAL will expire in 5885 secs</div><div>s4_tevent: Added timed event "tevent_req_timedout": 0x7f5a644a23f0</div><div>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5a640c4c30</div><div>s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5a640c4c30</div><div>s4_tevent: Destroying timer event 0x7f5a644a23f0 "tevent_req_timedout"</div><div>s4_tevent: Destroying timer event 0x7f5a6441f040 "dcerpc_connect_timeout_handler"</div><div>Using binding ncacn_np:kwtpocpbis01.solaris.local</div><div>s4_tevent: Added timed event "dcerpc_connect_timeout_handler": 0x7f5a64030f60</div><div>s4_tevent: Added timed event "composite_trigger": 0x7f5a64360af0</div><div>s4_tevent: Added timed event "composite_trigger": 0x7f5a64491b50</div><div>s4_tevent: Running timer event 0x7f5a64360af0 "composite_trigger"</div><div>s4_tevent: Destroying timer event 0x7f5a64491b50 "composite_trigger"</div><div>Mapped to DCERPC endpoint \pipe\lsarpc</div><div>added interface ens160 ip=172.16.107.244 bcast=172.16.107.255 netmask=255.255.255.0</div><div>added interface ens160 ip=172.16.107.244 bcast=172.16.107.255 netmask=255.255.255.0</div><div>s4_tevent: Ending timer event 0x7f5a64360af0 "composite_trigger"</div><div>s4_tevent: Added timed event "connect_multi_timer": 0x7f5a640e6a40</div><div>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a6402ae00</div><div>s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a6402ae00</div><div>s4_tevent: Destroying timer event 0x7f5a640e6a40 "connect_multi_timer"</div><div>Socket options:</div><div> SO_KEEPALIVE = 0</div><div> SO_REUSEADDR = 0</div><div> SO_BROADCAST = 0</div><div> TCP_NODELAY = 1</div><div> TCP_KEEPCNT = 9</div><div> TCP_KEEPIDLE = 7200</div><div> TCP_KEEPINTVL = 75</div><div> IPTOS_LOWDELAY = 0</div><div> IPTOS_THROUGHPUT = 0</div><div> SO_REUSEPORT = 0</div><div> SO_SNDBUF = 663430</div><div> SO_RCVBUF = 261942</div><div> SO_SNDLOWAT = 1</div><div> SO_RCVLOWAT = 1</div><div> SO_SNDTIMEO = 0</div><div> SO_RCVTIMEO = 0</div><div> TCP_QUICKACK = 1</div><div> TCP_DEFER_ACCEPT = 0</div><div>s4_tevent: Added timed event "tevent_req_timedout": 0x7f5a644cde60</div><div>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5a64240aa0</div><div>s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5a64240aa0</div><div>s4_tevent: Destroying timer event 0x7f5a644cde60 "tevent_req_timedout"</div><div>Starting GENSEC mechanism spnego</div><div>Starting GENSEC submechanism gssapi_krb5</div><div>GSSAPI credentials for admin@SOLARIS.LOCAL will expire in 5885 secs</div><div>s4_tevent: Added timed event "tevent_req_timedout": 0x7f5a64093a80</div><div>s4_tevent: Schedule immediate event "tevent_queue_immediate_trigger": 0x7f5a64240aa0</div><div>s4_tevent: Run immediate event "tevent_queue_immediate_trigger": 0x7f5a64240aa0</div><div>s4_tevent: Destroying timer event 0x7f5a64093a80 "tevent_req_timedout"</div><div>s4_tevent: Destroying timer event 0x7f5a64030f60 "dcerpc_connect_timeout_handler"</div><div>Using binding ncacn_ip_tcp:kwtpocpbis01.solaris.local[,]</div><div>s4_tevent: Added timed event "dcerpc_connect_timeout_handler": 0x7f5a64240170</div><div>s4_tevent: Added timed event "dcerpc_connect_timeout_handler": 0x7f5a644d29c0</div><div>s4_tevent: Added timed event "composite_trigger": 0x7f5a643df470</div><div>s4_tevent: Added timed event "composite_trigger": 0x7f5a643fc900</div><div>s4_tevent: Running timer event 0x7f5a643df470 "composite_trigger"</div><div>s4_tevent: Destroying timer event 0x7f5a643fc900 "composite_trigger"</div><div>Mapped to DCERPC endpoint 135</div><div>added interface ens160 ip=172.16.107.244 bcast=172.16.107.255 netmask=255.255.255.0</div><div>added interface ens160 ip=172.16.107.244 bcast=172.16.107.255 netmask=255.255.255.0</div><div>s4_tevent: Ending timer event 0x7f5a643df470 "composite_trigger"</div><div>s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7f5a6448b6d0</div><div>s4_tevent: Destroying timer event 0x7f5a6448b6d0 "dcerpc_timeout_handler"</div><div>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a645345f0</div><div>s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a645345f0</div><div>s4_tevent: Destroying timer event 0x7f5a644d29c0 "dcerpc_connect_timeout_handler"</div><div> epm_Map: struct epm_Map</div><div> in: struct epm_Map</div><div> object : *</div><div> object : 00000000-0000-0000-0000-000000000000</div><div> map_tower : *</div><div> map_tower: struct epm_twr_t</div><div> tower_length : 0x0000004b (75)</div><div> tower: struct epm_tower</div><div> num_floors : 0x0005 (5)</div><div> floors: ARRAY(5)</div><div> floors: struct epm_floor</div><div> lhs: struct epm_lhs</div><div> protocol : EPM_PROTOCOL_UUID (13)</div><div> lhs_data : DATA_BLOB length=18</div><div>[0000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg..</div><div>[0010] 00 00 ..</div><div> rhs : union epm_rhs(case 13)</div><div> uuid: struct epm_rhs_uuid</div><div> unknown : DATA_BLOB length=2</div><div>[0000] 00 00 ..</div><div> floors: struct epm_floor</div><div> lhs: struct epm_lhs</div><div> protocol : EPM_PROTOCOL_UUID (13)</div><div> lhs_data : DATA_BLOB length=18</div><div>[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`</div><div>[0010] 02 00 ..</div><div> rhs : union epm_rhs(case 13)</div><div> uuid: struct epm_rhs_uuid</div><div> unknown : DATA_BLOB length=2</div><div>[0000] 00 00 ..</div><div> floors: struct epm_floor</div><div> lhs: struct epm_lhs</div><div> protocol : EPM_PROTOCOL_NCACN (11)</div><div> lhs_data : DATA_BLOB length=0</div><div> rhs : union epm_rhs(case 11)</div><div> ncacn: struct epm_rhs_ncacn</div><div> minor_version : 0x0000 (0)</div><div> floors: struct epm_floor</div><div> lhs: struct epm_lhs</div><div> protocol : EPM_PROTOCOL_TCP (7)</div><div> lhs_data : DATA_BLOB length=0</div><div> rhs : union epm_rhs(case 7)</div><div> tcp: struct epm_rhs_tcp</div><div> port : 0x0000 (0)</div><div> floors: struct epm_floor</div><div> lhs: struct epm_lhs</div><div> protocol : EPM_PROTOCOL_IP (9)</div><div> lhs_data : DATA_BLOB length=0</div><div> rhs : union epm_rhs(case 9)</div><div> ip: struct epm_rhs_ip</div><div> ipaddr : 0.0.0.0</div><div> entry_handle : *</div><div> entry_handle: struct policy_handle</div><div> handle_type : 0x00000000 (0)</div><div> uuid : 00000000-0000-0000-0000-000000000000</div><div> max_towers : 0x00000001 (1)</div><div>rpc request data:</div><div>[0000] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........</div><div>[0010] 00 00 00 00 02 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K...</div><div>[0020] 05 00 13 00 0D 78 57 34 12 34 12 CD AB EF 00 01 .....xW4 .4......</div><div>[0030] 23 45 67 89 AB 00 00 02 00 00 00 13 00 0D 04 5D #Eg..... .......]</div><div>[0040] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`..</div><div>[0050] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........</div><div>[0060] 00 00 01 00 09 04 00 00 00 00 00 00 00 00 00 00 ........ ........</div><div>[0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........</div><div>[0080] 01 00 00 00 ....</div><div>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7f5a640d3b10</div><div>s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7f5a64437b50</div><div>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7f5a640d3b10</div><div>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7f5a640d3b10</div><div>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7f5a640d3b10</div><div>s4_tevent: Destroying timer event 0x7f5a64437b50 "dcerpc_timeout_handler"</div><div>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a64076bc0</div><div>s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a64076bc0</div><div> epm_Map: struct epm_Map</div><div> out: struct epm_Map</div><div> entry_handle : *</div><div> entry_handle: struct policy_handle</div><div> handle_type : 0x00000000 (0)</div><div> uuid : 00000000-0000-0000-0000-000000000000</div><div> num_towers : *</div><div> num_towers : 0x00000001 (1)</div><div> towers: ARRAY(1)</div><div> towers: struct epm_twr_p_t</div><div> twr : *</div><div> twr: struct epm_twr_t</div><div> tower_length : 0x0000004b (75)</div><div> tower: struct epm_tower</div><div> num_floors : 0x0005 (5)</div><div> floors: ARRAY(5)</div><div> floors: struct epm_floor</div><div> lhs: struct epm_lhs</div><div> protocol : EPM_PROTOCOL_UUID (13)</div><div> lhs_data : DATA_BLOB length=18</div><div>[0000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg..</div><div>[0010] 00 00 ..</div><div> rhs : union epm_rhs(case 13)</div><div> uuid: struct epm_rhs_uuid</div><div> unknown : DATA_BLOB length=2</div><div>[0000] 00 00 ..</div><div> floors: struct epm_floor</div><div> lhs: struct epm_lhs</div><div> protocol : EPM_PROTOCOL_UUID (13)</div><div> lhs_data : DATA_BLOB length=18</div><div>[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`</div><div>[0010] 02 00 ..</div><div> rhs : union epm_rhs(case 13)</div><div> uuid: struct epm_rhs_uuid</div><div> unknown : DATA_BLOB length=2</div><div>[0000] 00 00 ..</div><div> floors: struct epm_floor</div><div> lhs: struct epm_lhs</div><div> protocol : EPM_PROTOCOL_NCACN (11)</div><div> lhs_data : DATA_BLOB length=0</div><div> rhs : union epm_rhs(case 11)</div><div> ncacn: struct epm_rhs_ncacn</div><div> minor_version : 0x0000 (0)</div><div> floors: struct epm_floor</div><div> lhs: struct epm_lhs</div><div> protocol : EPM_PROTOCOL_TCP (7)</div><div> lhs_data : DATA_BLOB length=0</div><div> rhs : union epm_rhs(case 7)</div><div> tcp: struct epm_rhs_tcp</div><div> port : 0x0400 (1024)</div><div> floors: struct epm_floor</div><div> lhs: struct epm_lhs</div><div> protocol : EPM_PROTOCOL_IP (9)</div><div> lhs_data : DATA_BLOB length=0</div><div> rhs : union epm_rhs(case 9)</div><div> ip: struct epm_rhs_ip</div><div> ipaddr : 172.16.107.244</div><div> result : 0x00000000 (0)</div><div>rpc reply data:</div><div>[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........</div><div>[0010] 00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ........</div><div>[0020] 01 00 00 00 03 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K...</div><div>[0030] 05 00 13 00 0D 78 57 34 12 34 12 CD AB EF 00 01 .....xW4 .4......</div><div>[0040] 23 45 67 89 AB 00 00 02 00 00 00 13 00 0D 04 5D #Eg..... .......]</div><div>[0050] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`..</div><div>[0060] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........</div><div>[0070] 04 00 01 00 09 04 00 AC 10 6B F4 00 00 00 00 00 ........ .k......</div><div>Mapped to DCERPC endpoint 1024</div><div>added interface ens160 ip=172.16.107.244 bcast=172.16.107.255 netmask=255.255.255.0</div><div>added interface ens160 ip=172.16.107.244 bcast=172.16.107.255 netmask=255.255.255.0</div><div>s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7f5a644d4990</div><div>s4_tevent: Destroying timer event 0x7f5a644d4990 "dcerpc_timeout_handler"</div><div>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a64076bc0</div><div>s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a64076bc0</div><div>s4_tevent: Destroying timer event 0x7f5a64240170 "dcerpc_connect_timeout_handler"</div><div> lsa_OpenPolicy2: struct lsa_OpenPolicy2</div><div> in: struct lsa_OpenPolicy2</div><div> system_name : *</div><div> system_name : ''</div><div> attr : *</div><div> attr: struct lsa_ObjectAttribute</div><div> len : 0x00000000 (0)</div><div> root_dir : NULL</div><div> object_name : NULL</div><div> attributes : 0x00000000 (0)</div><div> sec_desc : NULL</div><div> sec_qos : *</div><div> sec_qos: struct lsa_QosInfo</div><div> len : 0x00000000 (0)</div><div> impersonation_level : 0x0000 (0)</div><div> context_mode : 0x00 (0)</div><div> effective_only : 0x00 (0)</div><div> access_mask : 0x02000000 (33554432)</div><div> 0: LSA_POLICY_VIEW_LOCAL_INFORMATION</div><div> 0: LSA_POLICY_VIEW_AUDIT_INFORMATION</div><div> 0: LSA_POLICY_GET_PRIVATE_INFORMATION</div><div> 0: LSA_POLICY_TRUST_ADMIN</div><div> 0: LSA_POLICY_CREATE_ACCOUNT</div><div> 0: LSA_POLICY_CREATE_SECRET</div><div> 0: LSA_POLICY_CREATE_PRIVILEGE</div><div> 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS</div><div> 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS</div><div> 0: LSA_POLICY_AUDIT_LOG_ADMIN</div><div> 0: LSA_POLICY_SERVER_ADMIN</div><div> 0: LSA_POLICY_LOOKUP_NAMES</div><div> 0: LSA_POLICY_NOTIFICATION</div><div>rpc request data:</div><div>[0000] 00 00 02 00 01 00 00 00 00 00 00 00 01 00 00 00 ........ ........</div><div>[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........</div><div>[0020] 00 00 00 00 00 00 00 00 04 00 02 00 00 00 00 00 ........ ........</div><div>[0030] 00 00 00 00 00 00 00 02 ........</div><div>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7f5a642b3a00</div><div>s4_tevent: Added timed event "dcerpc_timeout_handler": 0x7f5a64093810</div><div>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7f5a642b3a00</div><div>s4_tevent: Schedule immediate event "dcerpc_io_trigger": 0x7f5a642b3a00</div><div>s4_tevent: Run immediate event "dcerpc_io_trigger": 0x7f5a642b3a00</div><div>rpc fault: WERR_ACCESS_DENIED</div><div>s4_tevent: Destroying timer event 0x7f5a64093810 "dcerpc_timeout_handler"</div><div>s4_tevent: Schedule immediate event "tevent_req_trigger": 0x7f5a64093560</div><div>s4_tevent: Run immediate event "tevent_req_trigger": 0x7f5a64093560</div><div>[Wed Mar 18 08:10:19.541586 2015] [:error] [pid 15176] ipa: DEBUG: WSGI wsgi_execute PublicError: Traceback (most recent call last):</div><div>[Wed Mar 18 08:10:19.541617 2015] [:error] [pid 15176] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 349, in wsgi_execute</div><div>[Wed Mar 18 08:10:19.541624 2015] [:error] [pid 15176] result = self.Command[name](*args, **options)</div><div>[Wed Mar 18 08:10:19.541627 2015] [:error] [pid 15176] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in __call__</div><div>[Wed Mar 18 08:10:19.541631 2015] [:error] [pid 15176] ret = self.run(*args, **options)</div><div>[Wed Mar 18 08:10:19.541634 2015] [:error] [pid 15176] File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 754, in run</div><div>[Wed Mar 18 08:10:19.541637 2015] [:error] [pid 15176] return self.execute(*args, **options)</div><div>[Wed Mar 18 08:10:19.541640 2015] [:error] [pid 15176] File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 472, in execute</div><div>[Wed Mar 18 08:10:19.541643 2015] [:error] [pid 15176] full_join = self.validate_options(*keys, **options)</div><div>[Wed Mar 18 08:10:19.541646 2015] [:error] [pid 15176] File "/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py", line 582, in validate_options</div><div>[Wed Mar 18 08:10:19.541650 2015] [:error] [pid 15176] self.trustinstance = ipaserver.dcerpc.TrustDomainJoins(self.api)</div><div>[Wed Mar 18 08:10:19.541656 2015] [:error] [pid 15176] File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 1127, in __init__</div><div>[Wed Mar 18 08:10:19.541660 2015] [:error] [pid 15176] self.__populate_local_domain()</div><div>[Wed Mar 18 08:10:19.541663 2015] [:error] [pid 15176] File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 1136, in __populate_local_domain</div><div>[Wed Mar 18 08:10:19.541666 2015] [:error] [pid 15176] ld.retrieve(installutils.get_fqdn())</div><div>[Wed Mar 18 08:10:19.541669 2015] [:error] [pid 15176] File "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 826, in retrieve</div><div>[Wed Mar 18 08:10:19.541672 2015] [:error] [pid 15176] raise assess_dcerpc_exception(num=num, message=message)</div><div>[Wed Mar 18 08:10:19.541675 2015] [:error] [pid 15176] ACIError: Insufficient access: Gettext('CIFS server denied your credentials', domain='ipa', localedir=None)</div><div>[Wed Mar 18 08:10:19.541678 2015] [:error] [pid 15176]</div><div>[Wed Mar 18 08:10:19.541970 2015] [:error] [pid 15176] ipa: INFO: [jsonserver_session] admin@SOLARIS.LOCAL: trust_add(u'<a href="http://infra.com">infra.com</a>', trust_type=u'ad', realm_admin=u'Administrator', realm_passwd=u'********', all=False, raw=False, version=u'2.113'): ACIError</div><div>[Wed Mar 18 08:10:19.542594 2015] [:error] [pid 15176] ipa: DEBUG: reading ccache data from file "/var/run/ipa_memcached/krbcc_15176"</div><div>[Wed Mar 18 08:10:19.542847 2015] [:error] [pid 15176] ipa: DEBUG: store session: session_id=15b334c24b28c1e228c1e843efb0bf86 start_timestamp=2015-03-18T08:06:18 access_timestamp=2015-03-18T08:10:19 expiration_timestamp=2015-03-18T08:30:17</div><div>[Wed Mar 18 08:10:19.545479 2015] [:error] [pid 15176] ipa: DEBUG: Destroyed connection context.ldap2</div><div><br></div><div><br><div class="gmail_extra"><br><div class="gmail_quote"><font color="#999999">On Tue, Mar 17, 2015 at 9:30 PM, Alexander Bokovoy <span dir="ltr"><<a href="mailto:abokovoy@redhat.com" target="_blank">abokovoy@redhat.com</a>></span> wrote:<br></font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font color="#999999"><span class="">On Tue, 17 Mar 2015, Ben .T.George wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Hi<br>
<br>
i did kinit<br>
<br>
[root@kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab<br>
kinit: Keytab contains no suitable keys for<br>
host/kwtpocpbis01.solaris.<u></u>local@SOLARIS.LOCAL while getting initial<br>
credentials<br>
<br>
<br>
i destroyed and re-created. but still same<br>
</blockquote></span>
What did you destroy?</font><br></blockquote><div><br></div><div>kdestroy was the command i was talking about <br></div><div><font color="#999999"> </font></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<font color="#999999"><br>
Why did you need to touch /etc/dirsrv/ds.keytab at all? It contains key<br>
for ldap/kwtpocpbis01.solaris.<u></u>local@SOLARIS.LOCAL that your LDAP server<br>
is using. It has nothing to do with your host/... principal. <br></font></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font color="#999999"><br>
If your sssd cannot authenticate against AD DC, it means trust is *not*<br>
working and anything else is fruitless unless you fix it. <br>
hat do you see<br>
in /var/log/httpd/error_log as result of dumping netr_LogonControl2Ex structure?<br>
<br>
<br>
Can you follow<br>
<a href="http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust" target="_blank">http://www.freeipa.org/page/<u></u>Active_Directory_trust_setup#<u></u>Debugging_trust</a><br>
and tell what do you see in /var/log/httpd/error_log as result of<br>
dumping netr_LogonControl2Ex structure?<br>
<br>
We went through this few weeks ago and I'm not seeing what did you<br>
broke.</font><span class=""><font color="#999999"><br></font>
<br><font color="#888888">
-- </font><br><font color="#888888">
/ Alexander Bokovoy</font><br>
</span></blockquote></div><br></div></div></div></div>